https://github.com/umbraco/Umbraco-CMS/issues/5665: Resolved issue where adding non-admin user group editor to group already exists

This commit is contained in:
Andy Butland
2019-06-16 12:20:52 +02:00
committed by Bjarke Berg
parent c597da8f97
commit 15b1d35c17
@@ -51,13 +51,8 @@ namespace Umbraco.Web.Editors
if (isAuthorized == false)
throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.Unauthorized, isAuthorized.Result));
//current user needs to be added to a new group if not an admin (possibly only if no other users are added?) to avoid a 401
if(!Security.CurrentUser.IsAdmin() && (userGroupSave.Id == null || Convert.ToInt32(userGroupSave.Id) >= 0)/* && !userGroupSave.Users.Any() */)
{
var userIds = userGroupSave.Users.ToList();
userIds.Add(Security.CurrentUser.Id);
userGroupSave.Users = userIds;
}
//need to ensure current user is in a group if not an admin to avoid a 401
EnsureNonAdminUserIsInSavedUserGroup(userGroupSave);
//save the group
Services.UserService.Save(userGroupSave.PersistedUserGroup, userGroupSave.Users.ToArray());
@@ -88,6 +83,23 @@ namespace Umbraco.Web.Editors
return display;
}
private void EnsureNonAdminUserIsInSavedUserGroup(UserGroupSave userGroupSave)
{
if (Security.CurrentUser.IsAdmin())
{
return;
}
var userIds = userGroupSave.Users.ToList();
if (userIds.Contains(Security.CurrentUser.Id))
{
return;
}
userIds.Add(Security.CurrentUser.Id);
userGroupSave.Users = userIds;
}
/// <summary>
/// Returns the scaffold for creating a new user group
/// </summary>